Posted
by
jamie
on Thursday June 30, 2005 @05:30PM
from the whistleblower dept.

Chip Salzenberg writes "In April of this year, Health Market Science of King of Prussia, PA, told police that they feared I was misappropriating trade secrets. That very afternoon, police raided my house with a search warrant to seize every computer in the house, paper files, CDs, and DVDs... even my wireless router and cable modem!" Chip was the pumpking for perl's 5.004 release. Keep reading for his description of his current legal troubles, and for a shortcut into what he says prompted his former company's actions, read his letter warning about abuse of open proxies.

Chip continues: "The key evidence in the search warrant was so ridiculous as to be surreal: CVS logs indicating that I downloaded more than I uploaded, and that I sometimes accessed the company network from home. Apparently, for company management, the police, and a judge, working at home through a gateway the company set up for that very purpose, and refraining from editing every source file for every code change, is a sign of nefarious behavior.

My behavior in accessing the company network was entirely within my job description and in no way involved misappropriation of anything. For the more than two years that I worked at HMS, I used ssh and CVS to access company files with my laptop both from work and home, with management knowledge and approval.

What would lead management to such a sudden action? Days beforehand, I had made an internal report of unethical and apparently illegal behavior by the company: Use of open proxies for web harvesting to avoid blockage by web site operators. HMS apparently decided that working with me to address their use of open proxies was not an option.

Health Market Science is a large corporation with, compared to me, effectively infinite resources. My legal bills have topped $40K already over just two months. If HMS succeeds in tarring me with their false accusations, what's to stop your employer or client from doing the same to you, should your relationship sour?

Friends have set up GeeksUnite.net, an informational web site and Legal Defense Fund. The site includes the search warrant, my letter about open proxy abuse, and court documents.

Please contribute to my Defense Fund to fight this attack on the normal and legal work practices of millions of tech workers. Every little bit counts! If every person who visits the site contributes only ten dollars, that will make a huge difference. Only through community effort can we protect ourselves."

Laws do exist, but the simple reality is that most whistle blowers still get screwed and are never able to work in their respective industry again. That's probably why he tried to resolve the problem internally first, although creating a paper trail exposing misconduct can scare management just as bad.

Judging from the Company's actions, if Salzenberg wants to litigate the matter of the return of
his personal property in an expeditious manner, he should seek out a criminal law attorney and file a
Jencks motion for the return of said property. It will be heard by a different Judge, and he'll be able
to show the Company's prejudicial actions. I had to file same to have the FBI return my property to
me, and (though expensive) it worked like a charm.

Here's a link to a Jencks Motion [ipsn.org] for the return of property.

It's all part of a wider corruption. Large corrupters spend huge amounts
to get lazy judges elected, and work for the defeat of judges who do a good
job.

Part of the way corruption of the courts is accomplished by not giving
the courts enough money to operate. A 2003-06-24 op-ed article by Charles
Williamson, then president of the Oregon State Bar, in The Oregonian, the
Northwest's largest newspaper, said, "The crippling loss of nearly
one-third of their staff have left our courts unable to hear criminal cases
such as car theft, shoplifting, prostitution, fraud and identity theft."

The corruption of the patent office is part of the same thing. Large
corrupt corporations want stupid patents because they can scare others away
from coming close to their technology. They don't care if they lose a few
court cases. Taking something to court is so expensive that they win just
because of the threat.

Note that outsourcing is the same kind of corruption as is thoroughly
discussed in the book about corporate corruption mentioned above. Programmers
in India can produce good work, that's not the issue.

The issue is that the corrupt corporate manager wants to put a
distance between himself and managing programming. Managing programming is
time-consuming and requires serious concern and considerable technical
knowledge and teamwork. If the programming department remains inside the
company, the corrupt manager will be responsible. If the programming is
outsourced, a level of deniability is introduced.

That extra level of bureaucracy and distance has four results:

Any serious project will be at least a partial failure, because no project
plan defines everything. In serious progamming projects, there is a need for
additional research and creative decision-making every few hours, and usually
much more frequently.

The corrupt manager can avoid responsibility, and can easily find a job at
a new company by the time the low quality of the software becomes generally
known.

The contracting company has assured that they will have an Indian
competitor (if the outsourcing is to India), because the outsourcing defines
for another company what is needed for that particular application.

The state of Pennsylvania has a whistleblower protection law for employees of public companies. Judges have tried to extend it to some extent to companies that recieve their revenue from government. That wouldn't apply in this case at all. The law explicitly does not protect Chip.

I don't know about you, but I don't think morals should change simply because you don't like someone.

Certainly, if there is probably cause that he commited a crime, he should be investigated, and then prosecuted if the investigation bears out the initial suspicions, but that isn't what happened here. His home was searched and his property siezed, and *not* returned, based on him doing his damn job. It would be like your boss having you arrested for tressp

Salzenberg was working for a company that started using some seriously shady practices. He did the legally appropriate thing, and brought it to the attention of upper management/officers. They went ballistic and pulled the plug on him insteas of the illegal activity. (what says that they already knew of the illegal activities?).

They then called the cops on hime and got them to sieze his compuers on the flimsiest of evidence.

Any time you're going to be challenging the mental giants that are in charge, ALWAYS have a lawyer in your pocket and all your ducks in a row. And offsite backups.Seriously, what the hell did he expect - if they can use open proxies like this, that they would play nice with him?

Any time you're going to be challenging the mental giants that are in charge, ALWAYS have a lawyer in your pocket and all your ducks in a row. And offsite backups.

I absolutely agree. Speak softly and carry a big stick.

This was a loud letter full of scarrey words for a CEO like "illegal" and "under explicit management direction" and it ends with "notifying the appropriate authorities". Hell, if I was a CEO and I got this letter, I'd freak out too.

DON'T EVER send a letter like this without already having talked to a lawyer and given the lawyer everything you'd need. The unfortunate fact is that police will raid the house of an employee in a heartbeat, take all your computers with evidence on them and hand them over to the criminal employer who can then accidentally delete all the evidence. There's no way in hell they'd be able to get to anything you've given your lawyer though.

Honestly.. I'd want to have already talked to the appropriate authorities before sending a letter as explosive as the one he sent.

While this is sound advice, it doesn't necessarily follow from this story.

He said he made an internal report of unethical and possibly illegal behaviour. It doesn't say he took this up with police at all. It sounds more like he was trying to warn them that they were doing something they shouldn't be so they could stop before they got caught.

He said he made an internal report of unethical and possibly illegal behaviour. It doesn't say he took this up with police at all.

Read the last paragraph of the letter again -- he was definitly threatening them with exposure to the legal authorities.

And hey, more power too him -- that was certainly the morally right thing to do. But as a practical matter, you want to make damn sure you have all of your ducks in a row and have an old-school carnivore lawyer in your corner before you throw that kind of th

mmmmmph. I don't think it's that clean-cut. Management of this company may have been corrupt, but presumably not every other employee was in on it. (They're a big company.) So, assuming that you like your co-workers and don't want to see them all out of a job (either from the cops shutting down the company or from management firing anyone who was friendly to the whistleblower), and assuming also that you believe the company can be profitable without engaging in illegal behavior, I can see wanting to try

Retain, and have a very long chat with a very good lawyer before you threaten your bosses with police action.

Amen. I learned the hard way through several companies (some I started, some I helped turn around, and some I was wise to leave) that unless you're old money, your best option is to walk away. Notify the authorities anonymously and under extreme caution if you must, but make sure it's darn near impossible to pin it on you that you were the whistleblower, and even then, expect them to still come after you (who do you think the authorities work for, the people? LOL!). Old money and its network will blacklist you further than you'd ever imagine possible. Old money continues to keep making money by having idealistic middle class hard working entrepreneurs achieve great successes, only to discover old money eats first. After they are full, they may decide to leave you with some scraps.

The most important lesson I learned is that in any company, figure out quickly who is just like you (assuming you're a member of the unpriviledged middle class) and who's old money nobility. They're special people - the equivelent of "made men" - and middle class folks are not permitted to touch them. I learned at one company that even a psychotic, cocaine abusing, chair-sniffing and female harassing sexual predator, old money company owner who kept on blowing through family millions had more clout than a the technology manager who rebuilt the dying company product.

If you have to get into battle, get an old money law firm and get some old money patrons on your side. Let them protect you and understand you'll have to pay back the favor if you haven't already earned it. Just because the United States is technically a representative republic doesn't mean Machievelli's world doesn't rule here. I've had too many attorneys explain otherwise (if you've ever had a hearing moved to a different judge that your attorney used to clerk for, you know what I mean). As long as you understand that several thousand years of civilization has been about those in power making sure that the rest of us keep them in power and luxury, and you don't mess with that rule, you'll do fine.

reverses the meaning of what I presume is your intention, "well heeled conmen".

A typo indeed.

But most large companies are not run by obvious scumbags because they would be destroyed by the scumbags running the company into the ground. Adelphia is an example of what happens eventually.

Unfortunately that is not true. Large companies, especially the so-called "multinationals" enjoy immense support from politicians and national governments. Partly because politicians of all stripe are corrupt, but mostly because politicians fear large scale job losses and thus engage in various forms of corporate welfare, handing out tax breaks, government-guaranteed loans or outright grants and in many cases alter national laws to suit the mega-corporations. Add to this the fact that crookery can go on for a very long time undetected, masked by phony, on-paper "profits", masquerading as "growth" due to never ending cycle of "buy now, pay later" acquisitions of other companies and in some cases the crooks actually manage to make money for the corporation, if they corrupt the local government sufficiently and are allowed to establish an effective monopoly. Only in the most obvious and extremely unsustainable cases do the businesses actually implode. One has to have to literally levitate the whole company on thin air and have debt to income ratio of hundreds to one before something gives. That is why it took super-human efforts to make Enron fail and that is why the airlines (who lose money continuously, since anyone can remember) are still in operation. Running a business into the ground is only an option for a small operation where there is no way to hide the crookery or obtain government bailouts for any length of time. Note also even the very collapse of a behemoth like Enron managed to generate money for the crooks in form of, literally, hundreds of millions of dollars in "legal and consulting fees". Try that with your mom-and-pop shop.

I do agree that small businesses are not exempt from connivery, but my logic is simply this: if business size is kept in check, so is its power and the impact of individual businesses going rogue or simply failing. An IBM can in one fell swoop throw 16000 families into the gutter without even blinking in order to make a few more bucks for the managment, a 50 employee firm can at most harm 50.

But even deeper then that, there is simply a realization that large corporations are corrupting capitalism by reducing its potency to benefit society as a whole. A cornerstone of the system, the very mechanism by which the "invisible hand" is supposed to do its work is competition. If a company size increases and the number of viable companies in a particular field decreases, this in turn reduces competition and leads to oligopoly or outright monopoly situations, effectively destroying any benefits of the system to consumers, not to mention all the disastrously negative political side-effects. This process is in fact the most serious weakness of capitalism as it appears that the system is incapable of self-correcting this situation, contrary to its tenets.

Simply look around and see how many of the everyday products you use are manufactured by companies which have at most one or two viable competitors: Coke/Pepsi; Intel/AMD; Nvidia/ATI; Boeing/Airbus; etc. There are at most a dozen of car manufactuers whose vehicles you will see (many more brands but they all belong to few parent companies). There are just as few oil companies. The list goes on and on.

There are many such -- by now proven to the point of the absurd -- errors in the Adam Smith's plan which require alterations and overrides to save the whole process from reverting to an essentially feudal/mercantile scenario. Unfortunately it would seem that people either refuse to see the obvious or are more then happy to play along in hopes of securing for themselves a place in the ranks of the new "nobility".

I think a legion of slashdot readers blasting these contact details and sending trollish e-mails will only worsen this guy's situation: "Then he got his legion of goons to come to his defence, causing massive problems with our e-mail infrastructure and bringing our website to a crawl, before this had even got to court." That cannot be good.

I would advise any slashdot readers considering trolling this e-mail address to think carefully about the implications their messages might have on this guy, and refrain from contacting HMS unless they have something worthwhile and appropriate to contribute.

Very good point. I'd give you my last mod point, but I've already posted here. I too encourage those who reply to show restraint.

I sent a short email (50 words or so) using the contact page that basically said "The guy was trying to help. Leave him alone." My point was to let them know people support Chip, not to aggravate them.

because all I know about the case is what I read on slashdot and a site set up by this guys friends. I have no idea what is going on and I don't have time to fly to Kind of Prussia (wtf?) and look into it. Even if I did, I don't think the suits at his former employer are going to take the time to go through interviews with me so I can decide whether or not I should contribute to his legal fund.

Sucks for him if he didn't do anything wrong. If so I hope it works out. If it goes to court and he is found innocent-- then giving to the fund would be a lot easier.

The thing is-- it is quite possible that nobody knows he was doing something wrong except for him.

I don't doubt the depiction of verifiable events (law suit, search warrant, letter sent) and they lead me to lean towards thinking he did nothing wrong. But I don't know. And I'm not dishing up my cash until I do.

The fact that he is well known just doesn't have much to do with it. I've been shocked by what people I know personally have done. I've never met this guy before in my life. That he is a ski

...they lead me to lean towards thinking he did nothing wrong. But I don't know. And I'm not dishing up my cash until I do.

The purpose of a legal defense is not to exonerate the guilty. It is to ensure a fair trial. Whether you believe he is guilty or innocent, or whether you don't know, makes no difference. He has the right to a fair trial. At present in the United States, that means having a lot of money to pay a competent lawyer.

Pretty scary though that the judge would authorize grabbing all your equipment with no genuine evidence of theft/misappropriation of trade secrets. There ought to be a high bar set for the kind of disruption that causes. There's no reason discovery couldn't have been allowed to proceed in a less violent manner unless he wasn't cooperating.

If he didn't keep any of the company's information, they likely have no case.

If he was still working for the company at the time of the seizure, than chances are he had a full source tree on his home computer so that he could do test builds at home. All of which is perfectly normal and necessary to do his job. To the non-technical, the argument "why did he need copies of files he was not charged with maintaining?" may sound valid. However, anybody who has ever maintained software can tell you that you usua

Every company I have ever worked for has violated all sorts of labor laws. Start giving them a pile of minor regulatory headaches.

Then make sure you have a good shark for a lawyer. Make sure he has a technologically savy partner or associate that can understand the CVS and gateway issues.

Then countersue. They may have infinite resources compared to you, but they also have much deeper pockets to go after. If they are vunerable on this point, your lawers will be more than happy to go after that big paycheck.

If all you do is try and defend yourself, then they will steamroll all over you.

Actually, the EFF is a 501(c)3 organization, which means that its specifically restricted as to how much lobbying it can do. Instead, the EFF concentrates on being an advocacy organization, representing defendants and plaintiffs in cases where there's a chance of making good case law.

(Actually, in practice, *I'm* the majority of the lobbying bit. If I had any influence on dropping people, I'd be like all "Hey drop *him*! Now pick him up! Now drop him again! You other lawyers, bring me a mojito!". But that's not really how lawyers work, alas.)

It's disgusting that they can do this, particulary at such personal expense. Sadly, Chip has dug his own grave, I don't know much about US emplyment law, but I don't think whistle bower type protection will be any good, as he approached the company first, and not the authorities who are now chastising him.
Working for an ethically dubious employer is tough, say something, and they'll throw the book of selective dismissal conditions at you, say nothing, and, well, like myself, sometimes the roof over your head is worth keeping whilst you seek employment elsewhere.

No, that's not how it's supposed to work. As an employee, loyal to the company, you are supposed to have internal recourse available to bring illegal activity to the attention of your seniors, and all the way up the chain if you direct supervisor won't listen. You are not supposed to have to go to the police, since a company should be capable of cleaning up its own act. Going to the police means that the normal channels of reporting issues have failed.

the company president called me, and said that one of his employees has accused him of illigal acts. Please go to my employees house, and remove everything that he has that could be used to prove that we have committed illigal acts.

Yeah, Intel. He was convicted of three felonies [lightlink.com]. He was running a password cracking program on their servers. He had cracked computers not only on Intel's machines, but on the machines of some of their partners, as well. He'd also installed some backdoor programs on several machines at Intel. It was really stupid of him to do all of this.

None of the views expressed in the website constitute the views of the Armstrong & Carosella PC law firm, or anyprincipals or employees, or agents or experts who have been retained in any capacity in connection with the case.Information on this site is for educational purposes. Case Caption: Health Market Science, Inc. v Charles H. Salzenberg, Jr..Court of Common Pleas of Montgomery County, Pennsylvania. Case Number: 05-11918

Donate today, to theChip Salzenberg Defense Fund. Over $40k in legal defense fees incurred since April 23, 2005.Protect yourself from the same thing happening to you. Learn from this site, mirror it. Please donate. We thank you for your help.OMITTED from the Company's Pleadings,UN-INVESTIGATED by the Detective,it caused IMMEDIATE ACTION by the CEO,READ the LETTER that started it all!

Why care?

We didn't ask for this fight but we do hope that the telecommuting community learns from it. As a well known contributor to OpenSource and perl for many years, Chip continued his efforts to protect the spirit of opensource and the internet by attempting to inform his employer...sadly it brought on serious consequences in the form of an ugly legal battle with results that can affect all employees and consultants who hook up to an employer's network. We urgently need your help. The Chip Salzenberg Defense Fund is an escrow account sponsored by the law firm of Armstrong and Carosella to help pay the mounting legal defense fees for Chip Salzenberg and his family. The funds will only be used for legal costs to defend Charles Salzenberg and his family against Health Market Science, Inc. Donations are NOT tax deductible. Thank you in advance. We would love to hear from you.

Donate by email

You may send us your email address, name, phone number and pledge amount. We will email you back a "Request for payment".You'll be able to pay by credit/debit card or using your Paypal account. Send email to: gifts@geeksunite.net.

Donate by Mail

If you would prefer to mail your donation, please send it to the following address:

I am continually shocked and dismayed to see people write test cases, install scripts, and other random hackery using Perl. Perl is seductive because of the abundant CPAN modules and its TIMTOWTDI philosophy, so the path of least resistance is followed and a Perl script is written. Sadly, programming in Perl inevitably leads to one's employer taking legal action against the programmer.

The most common problem encountered with Perl programmers is pointing out embarrassing things about their employers. All they are able to do is white-hat hack or whistleblow. While some educators have fixed some of Perl programmers' flaws (closed-minded disciplinarians do much better here), many have added new ones. Most of their problems can never be solved because they're not inadequacies per se, but rather the direct consequences of intelligence and free-thinking.

I worked for a company out of Reno, NV (yeh, a hotpot of corrupt companies, I know) and when I found out they were trying to bilk millionaires out of VC capital, I just turned in my laptop and said that was my final day.

The company refused to pay me for my last two weeks of service or any vacation time I had built up.

When I attempted to get the money from them, they produced a list of dates I was not in the office (exceeding my vacation pay plus 10 days for the last two weeks of service). These were days I worked from home (and I actually WORKed from home).

I tried to appeal to the legal system, but got a big runaround. This same company sued other ex-employees for frivolous things, and the courts took this company (that had a history of this sort of thing) quite seriously for years.

The courts have it in their best interest to make sure lawsuits keep happening and go on for extended periods of time. It's job security for them, and they just don't care that it's a drain on the rest of society.

Money and power are clinching their position in this country, and VERY rapidly. Combine the "Patriot" act with limiting freedom of the press to gutting of whistleblower laws to widespread corruption and add in a good dose of "liberal" bashing taking the form of "get tough on crime" and you get what we have.

Too late now, I'm afraid, and it will ge a *LOT* worse before getting any better.

It has recently come to my attention that that HMS is continuing the illegal and immoral
web harvesting operation that I brought to Rich Ferris's attention over a month ago, in a
conversation including Tim McCune. HMS's continued harvesting operations are a threat
to me legally, morally, and professionally.

That HMS systematically collects data from web sites without the express permission of
their owners is well known (inside HMS). Some web site operators are not pleased when
(if) they figure out that their sites are being harvested. They sometimes respond by
blocking the network addresses of the harvesting machines. This was a common problem
in harvesting when I hired on to HMS in December of 2002. At that time, the accepted
strategy for getting around such blocks was to obtain multiple web hosting accounts to act
as proxies for HMS's harvesting systems. I did not then realize that knowingly bypassing
blocks placed by web server operators was illegal. (As a result of other research, detailed
below, I now know that has been illegal all along.)

As bad as HMS's past harvesting practice was, current practice is worse... much worse.
HMS has taken a page from the spammer playbook and is, deliberately and under
management direction, hijacking thousands of vulnerable machines all over the
Internet, using them and their network bandwidth without the knowledge or
permission of their owners as unwitting accomplices in HMS's data harvesting
operation.

I have confirmed these facts in conversations with several people with first-hand
knowledge, including Tim McCune and John Marquart. I asked Tim McCune about
HMS's proxy hijacking in the presence of Rich Ferris, a vice president of HMS and a
company founder. In that conversation, Tim McCune confirmed to Rich Ferris and me
that proxy hijacking was standard practice. Shocked, I informed Tim and Rich that proxy
hijacking is very illegal and immoral. They were unmoved. I also have witnesses for other
conversations.

I have also confirmed that the Harvester source code - which I, as a Senior Programmer,
am authorized to access - includes Java code which collects lists of such vulnerable
computers, called "open proxies," from web sites that maintain lists of them. I have also
found the Java code which uses such proxies, without the permission of their owners, to
connect to the sites that HMS harvests. The offending source code was written by Rob
DiMarco, Tim McCune, and Jason Franklin.

This deplorable activity by HMS has serious legal, moral, and professional implications.

First, the legal.

I am not a lawyer, but I can read the plain English of the Pennsylvania Consolidated
Statutes, and it is clear to me that hijacking the computers of random people is a crime in
Pennsylvania. Under PSC 3933, every instance - every single instance - of hijacking an
open proxy is a misdemeanor of the first degree.

HMS is committing these misdemeanors
by the tens of thousands, under explicit management direction, and in accord with
corporate strategy. One petty theft may draw little attention; but tens of thousands of petty
thefts, all made by one company, at explicit management direction, and in accord with
company strategy, might well lead to unpleasant legal consequences. Even a small fine is
painful when multiplied by a hundred thousand.

HMS thus makes itself an attractive target
for prosecution by a state's attorney who wants to show himself tough on corporate crime.
HMS could be a stand-in for the spammers who commit the same crimes.

HMS's legal exposure is not limited to Pennsylvania. A number of the sites that HMS
harvests are run by governments of other states who would be

They got caught with their hand in the cookie jar and immediately attempted a smear campaign to draw attention away from themselves.

Further, on nothing more than the company's say-so, they got a search and seizure warrant from a judge who was obviously unfit for service by the very fact of his signing it. Actual investigation and evidence is required usually for this kind of thing and it seems to be a case of "he-said, got the warrant, screw what the other guy said" sort of thing. Having been the victim of this myself, I am not surprised. Saddened that it continues, but not surprised. People who love increasing the powers of the state for their political aims can just as quickly be the nail getting pounded down by that same state.

What is so shocking is that they think they will get away with it. All that are needed are logs from servers harvested by this scumbag outfit despite their attempts at a polite no through robots.txt, etc., and it will become a landslide against them with the first lawsuit for the intrusion.

Purchase a small micro-cassette recorder for use when entering potentially "heated" discussions with management. (or sometimes even other employees)

You will want to check your local law, but MOST states permit a concealed recording device on a person when there is no "perceived expectation" of privacy (don't record anything in the bathroom) or when more than 2 people are party to the conversation.

I've only had to resort to this tactic once, but it saved my job and cost the Veep his....

I've always been kind of hesitant to try something like this myself because I get the feeling that once I got my "gotcha" moment and saved my job, the rest of my days working there would be tainted by my having done this. I just get the feeling that I'd be treated poorly and the management would probably be searching hard for a way to get me fired cleanly. Did you have to put up with much crap after doing this? Maybe you have to weigh the pros and cons before doing this kind of thing.

Although your person is pretty well protected by the Constitution, your property is not.

Your computer can be seized -- and pretty quickly. All non-trivial data (including risky photos of your partner) should be encrypted on disk. Major operating systems support this option -- including FreeBSD [freebsd.org], Windows, and, no doubt, Linux.

Certainly, "honest people have nothing to hide", but it is not even so much about winning the case (you will, likely, prevail), but also saving yourself a lot of time and money. Your adversary will go through all data found on your machine and your lawyer (don't even think of not hiring one) will be billing you in proportion to the amount of things, the other party brings up. Even if all of it ends up being nothing.

True, the opponent may demand, that you decrypt the data -- but you (your lawyer) can fight that demand -- it will likely be cheaper, than explaining away all messages in your ExEmployer-folder.

Do not rely on mere obscurity -- I found out first-hand, that even FreeBSD is "mainstream" enough for professionals (yes, there is a good market for these services) to know it. They came with software (something from SourceForge) to search through filesystems (very easy -- "grep" for the disk devices). For Linux they'd probably even have GUI.

Treat these guys decently -- they are just doing their jobs. If you do, they are more likely to overlook your older computer, which will let you post about your troubles on Slashdot when they are gone.

Set up encryption. Encrypt your back-ups, before they leave your computer. Do not automate decryption so that it happens by itself on boot (duh!)

When you are done, treat yourself to "Cryptonomicon" [amazon.com] for fun and more behind-covering ideas.

My name is Douglas Muth, and I live not too far from King of Prussia, PA.

Back in 2001, I was laid off from my previous job and looking for work. I interviewed with Health Market Sciences sometime around that July for a Software Engineer position, and it was an interesting experience. I met some of the people from that company and was finally interviewed by one of the Vice Presidents, a guy by the name of Rich Ferris. Rich seemed pretty impressed with my resume and said something to the effect of "we'll get you an offer by the end of the day".

So, I went home and gave Rich a call at the end of the day. But suddenly his story changed, and it was, "I had problems getting the offer through HR (or somesuch), I'll have one for you on Wednesday".

Wednesday came, and I was told, by Rich, to call back again on Friday. Friday came, and they were having money issues and would get back to me on Wednesday. Finally, next Wednesday rolls around and I'm suddenly told, "Well, we really want to hire you, but we don't have the money right now, so we cannot make you an offer".

So what it boiled down to is that I was led on by that company for over a week with the promise of employment, only to have it yanked out from me because they didn't have their stuff together. It was a total waste of my time, and the time of the job recruiter I was working with. If they didn't have the money, they shouldn't have been hiring in the first place. The whole experience left me rather bitter.

Having just read the letter, I can only conclude that HMS was right in seeking legal defence against Salzenberg immediately to protect themselves. Perhaps he should have sought legal advice immediately instead of [i]threatening the company he works for with legal action[/i]. He made some hefty allegations in that letter, and also disclosed that he had been snooping around software that he wasn't involved with but had "the right to access" as a Senior Programmer. IANAL and I obviously haven't read Salzenberg's contract with HMS, but I would imagine that if he's not working on the code and browsing other people's projects from home in the interests of taking legal action, this gives HMS grounds to file a suit against him or at least gives them an incentive to shoot first.

This all looks to me like an ill considered vigilante mission gone horribly wrong. It's like shouting "hay guys, you're all crooked bastards and you should be in jail. I'm thinking about taking you fuckers to court! Can I keep my job though? Don't sue me!" What he should have done was file for legal action immediately, and/or resign from the company on legal/moral grounds. Resignation would have looked a lot better, would have relieved him of some of the moral issues, and would not look like he was about to try and sue the company for a ton of money.

I agree with his stance and his moral position, but this was a perfectly stupid and arrogant way to handle the situation. As a Perl hacker I wish Salzenberg the best, but I can't agree with the way he's fought this battle so far.

Ok, the Pennsylvania Common Pleas Court is partially online, and the docket sheets are available with a little digging. Too bad the full text isn't available.

CRIMINAL MATTER: Docket Number: CP-46-MD-0002495-2005. Filed 4/27/2005. CASE STATUS: CLOSED. Last event was a hearing on the return of property, on 6/10/2005 before Judge William J. Furber, Jr.

CIVL MATTER: Docet Number: 05-11918 (Judge Hodgson). A deep link to the docket sheet is http://12.40.122.125/FCP2.WEB8/0/P12DIS?CASE-NO=05 -11918 [12.40.122.125]. Looks like a motion for a temporary restraining order and for expedited discovery and preservation of documents was filed on April 26, and was granted ex parte (without the defendant being able to argue) by Judge Joseph J. Smyth. The latest emergency motions appear to be filed to reinstate this order, presumably as a result of the computers being released after the criminal matters were dismissed. I am very curious to know what's going on with the intervenors - Radian Guaranty and Lisa Perdichizzi. It's Perdichizzi who filed a motion for sanctions against the Plaintiffs on June 22, and there's nothing on the docket sheets since then.

When somebody says, "I'm not a lawyer, but I know that..." there's a good chance that something nasty is about to happen.

Chip is engaging in a legal crusade against Health Market Science, and doing it without legal advice. Naturally, HMS does have lawyers, and consults them as to the best way to screw him over. Screwing precedes. Gosh that's a suprise.

I've been in a very similar situation recently, and also ran into huge legal bills, from a contracting client who made outrageous claims. It was the worst experience of my adult life. I can't go into any details, but it was terrible, and the case turned on the same kind of criminal trade secret laws. These trade secret laws are so prone to abuse because they take what are effectively civil issues (ie, business disputes) and get the criminal justice system involved. Let me tell you, all this thing about "innocent until proven guilty" is nonsense. Yes, you are "innocent until proven guilty" when you actually get to trial... but by the time you get to trial you've already gone through hundreds of thousands of dollars in legal bills. Where does the average guy come up with that kind of money? I'll give you the answer: he sells all of his assets (house, everything) and he still doesn't have that kind of money, so he ends up getting a public defender, and public defender = plea bargain = no trial.

Basically these trade secret laws let big guys with resources or connection punish small guys (us) without any legal process. We're out tens of thousands of dollars just from the moment the process begins, without a court or a judge even having seen the issue.

There's also the emotional factor. It's terrifying. If I got a criminal trade secret conviction, I would never be able to work in the programming field again. What else could I do? My life would be ruined even if I got probation only. The fear is incapacitating. It's like someone telling you "you have cancer." Even if the cancer is treatable, it is terrifying.

Anyone in the programming field needs to be aware of these risks. You don't think about it because a) these things usually do not result in convictions (in TFA's case, if his telling is accurate, there is no evidence of any wrong-doing) and b) when they go away without a conviction, we're all scared to talk about them (like I am posting as AC right now). But even if the case goes nowhere, running into a $40k legal bill is disastrous. That's a downpayment on a house. That's 100% of your after-tax income for more than a year (probably). That's your new-car and vacation fund for several years. That could cause so much financial stress as to lead to divorce, family estrangement, etc. That's "liquidate all of your assets right now and borrow from all of your relatives" disastrous. That's a penalty this guy is suffering without any trial or judicial overview. That's (possibly) without even having a grand-jury rubber-stamp the police side of the story.

I'm afraid to even post this lest it have some bearing on my situation, but I'm posting because I want all of us Slashdot crowd to be aware of it.

I don't really have a solution, but one thing that seems to help is to put up a very aggressive and determined defense from the very beginning. Let everyone involved know, "there will be no plea bargain. There will be a vigorous defense. Trying to bring a civil matter into the criminal system will not work and I'm not going to beg for mercy. If it gets to a trial, we're fighting all the way and there will be an acquital."

This guy is brave to even be talking about this publicly. I'm sure his lawyer advised him not to (mine did). Most of us who are victims of this are silent victims like me.

I moved out West in 1997 to work for a company (heading up a software division for Windows) that a friend had bought into. Long story short, he and I found massive corruption (embezzlement) within weeks. He brought it up at a board meeting, and the next day was kicked out of the building, voted off the board (illegally it turns out) and his stuff left on the curb. I quit the same day.

At 7 AM the next morning, the sheriff was at my door with their lawyers in tow. Fortunately for me, they screwed up the warrant and were unable to seize my hardware, but they took a very detailed inventory of everything. Even more fortunately, my friend HAD consulted a lawyer before confronting the board and he (the lawyer) had the whole thing search/seizure suspended. The courts finally found the company's motions meritless (and fined them!!) They ended up with a huge lawsuit against them from several board members once the whole picture came to light, the BSA came down on them like the wrath of God (thanks to a cover your ass maneuver by the CIO) and the whole thing went into the crapper within 8 months.

ALWAYS consult a lawyer when doing any sort of confrontation with your employer. You need something to back you up. If they are doing something scummy, there is NOTHING that will stop them from doing something scummy to you in return. I should have done so before the board meeting, even though I wasn't directly involved. But my friend saved my ass. He lives 2000 miles away now, but I still send him thank you notes.

Hah! First job I worked after college we had 3 developers sharing a Polyforth development system running multiuser in 12K of RAM with no memory protection. When you dropped out of the editor to test something you yelled "save your buffers"... because Polyforth didn't even use stack sentinels so just about any syntax error meant the system crashed and had to be rebooted.

If it were me? Well, there would be a wide number of possible responses I could expect from the employer, but producing false information to police and courts to produce illegitimate legal action and have my private property unreasonably seized-- property which I may or may not ever see again once it disappears into the "evidence" system-- is not one of them.

Anyway if he had resigned how would it have helped him one iota? He'd still be facing a frivolous and expensive lawsuit and have all his stuff jacked.

Anyway if he had resigned how would it have helped him one iota? He'd still be facing a frivolous and expensive lawsuit and have all his stuff jacked.

Well, aside from the wrongfull lawsuit, if he had resigned under threat he could have applied for unemployment benifits and get his employer embroiled in arbiration (a free and apparently abritrary by some standards method of dispute resolution.) Not only would that help tie up the company and give backing to his (potential) counter-suit, but he might make some money to help with the bills.

<PARANOIA>Finally, if I were a high-profile FOSS developer, I'd invest in a wireless adapter and a decent SOHO SAN box. Put that baby inside a wall with a UPS. It's impressive what you can do with a drywall knife, some 12 gauge homegrade wire, and a decent amount of drywall patch. Let them raid all his stuff, his data would have had remained 'safe' and all his HD's clean (save any cache/tmp/~ files.) Hell, get paranoid and setup the SAN to re-encrypt the drives and shut off if certain files aren't touched every X minutes.

Chip's problem now is that 100% of his admissable evidence is in the hands of a known immoral and hostile agent. There is no practical way to back up his claims without more money. Any 'evidence' he gets back from those machines may be unreliably tampered after the police's uber-windows nerd gets done trashing his probablly non-windows boxen.</PARANOIA>

When the police find something "suspicious", you don't just say "oh, I have this perfectly plausible excuse which sounds highly improbable to technical incompetents like you" and walk away. Trust me, I know. I had to jump through some pretty ridiculous hoops with a detective once just to prove that it was not, in fact, uncommon for a brand-spanking new hard drive to appear "wiped".

The justice system is a misnomer. It's not a "justice" system, it's a "legal" system. Justice would imply that all parties are acting in an informed, responsible, and full-capacity manner, which is probably the sickest joke one could make about our incompetent, bungling court system.

Chip Salzenberg is fucked. You would be fucked if you tried to right off your little hidden system with that excuse, and you'd probably get charged for trying to interfere with the investigation and giving false information to the police if you used it.

IANAL, and I know this varies by state, but this kind of retribution and harassment for filing a complaint may be very illegal, and the company may have opened themselves up to liability for it. I know reporters of sexual harassment or discrimination are protected from retribution, and it would be interesting to know what protection a whistleblower for unethical behavior has under state and federal laws.

Regardless, no one deserves this treatment for stating their beliefs the company is doing something wrong.

Deserves? No. Expects? well, that's another matter entirely. If you've already confronted the founder of the company and pointed out that the business practices that he himself WROTE THE CODE to perform are, in fact, illegal... and he didn't seem shocked and appalled by that news... then odds are, he's already well aware of the legal status of his company's activities, he's a (wealthy? powerful?) unscrupulous bastard anyway, and won't mind squashing you like a bug if it keeps things just the way they are.

honestly, people- if your company's financial success is built on illegal behavior, and the guy who owns the majority of the company set it up to be that way, why would you think he's going to change anything just because you were bright enough to notice? The best you could hope for is that, when you try to blackmail him into splitting the profit with you, it's not just cheaper to have you killed.

Picture this: Vince Coll walks into Dutch Shultz's office.

Vince: Hey Dutch, I've been thinking.Dutch: That's a dangerous habit.Vince: You know, this Prohibition thing? That makes alcohol illegal right?Dutch: Yeah.Vince: So, all this beer we're selling, that's illegal too, right? Dutch: Yeah. That's why we make so much money. Vince: Well, I don't feel so good about breaking the law.Dutch: I don't like where you're going with this.Vince: I think maybe we should, you know, stop? Dutch: Don't make me shoot you in my office.

I can understand why Chip had the moral problems that he did, but he sure picked a naive way to try and resolve them. There IS a federal whistleblower statute, so if he went to the Feds with his first letter he would have been legally protected from retaliatory action from his employer... but keeping your job after you've turned them in doesn't do you any good if the company's only revenue stream depends on illegal activities.

I really don't care about what's "expected" in this situation, and I don't care whether he was naive in his approach or not. What I care about is that if a company retaliates against someone for pointing out unethical behavior, files fradulent charges, and drags him through legal and financial hell, that they get their ass nailed to the wall.

(This is based entirely on conjecture. None of us really know what went down for sure.)

How do you blackmail an employer by filing an internal memo that can be traced by anybody in management? Blackmail requires some basic form, what's the threat and what's the demand?

It's more plausable that the company feared the files that would prove that they were breaking the law were copied on his home computers and made something up with their lawyers to get his computers for "imaging". He might or might not have been planning on going public, but their reaction is totally over the top. We'll see if a

Threats?
Where do you arm chair lawyers get this crap? He brought this to the attention of management through a memo and stated he would have nothing to do with it and report it to the authorities if it didn't stop. That is a threat?
Next time someone does something illegal and you know about it, don't say a word. Then when that person gets caught you tell the authorities that you knew what the person was doing all the time but you didn't think it was any of their business.
Then let you know what hap

Yes but how is it that a judge or magistrate (I'm sure under intense pressure from the police department) will issue a search warrant without hard evidence of any illegal activity? Strongarm tactics like this are what is wrong with our judicial system today.

Strongarm tactics like this are what is wrong with our judicial system today.

Actually, what's wrong with our judicial system today is that not enough people take interest in it. How many people take the time to do the research on judges before going to vote? Since most judicial races are non-partisan, it can be difficult to tell if a judge shares your political leanings. So people vote for judges (and legislators for that matter) because they recognize the name from a sign that they saw on the way to the polls.

If you don't like the system then work to change it. Find tech-friendly judges and then run around town putting up their signs on election day.

I think what's wrong is the election of judges. To any lawyer observer from another common law country (like me), it just seems unbelievably wrong.

If you have to put yourself up for election, you will be deciding cases with a view to what potential voters -- really, just people mobilised by issue organisations, given how uninterested the average member of public is about voting --might think. This is either playing to mob mentality, or playing to vested interest groups. Either way is a recipe for bad judging.

The whole point of judicial independence is that judges will only feel free to take courageous decisions, and to avoid knuckling under to the government in power at the time, in particular, if their jobs are secure. That is, they can't be fired, and they can't have their pay reduced so much that they have to quit. Having to be re-elected to office is very much a serious job insecurity.

I would hate to have any of my legal rights determined by a judge with an eye on the opinion polls, the lobbysists and the millions of dollars in the bank accounts of sleazy, smoke-filled backroom operators itching to replace them if they decide cases in a way of which they disapprove.

I know plenty of judges in a number of countries, and have been employed by one at a court. Invariably they are horrified by the system of election of judges. Basically: they cannot see how many elected judges would feel comfortable taking an unpopular decision. Unpopular decisions being ones that (i) are against the prevailing mob mentality at the time and (ii) invariably turn out to be correct when viewed after the event, when passion and emotion has cooled, and what is left is the objective facts.

We've seen what playing to voters does to politicians. Why inflict it upon the judges too -- who are usually the ones who have to keep the politicians in check?

I read the affadavit, and I saw no legal basis for the seizure of this man's property. This was one step above an anonymous tip. I imagine the conversation might have been like this: Mark Brosso: "Look! This guy that we've employed for 2+ years at a job involving software development has been transferring data to and from our network using our computers! He's a thief! Seize him!" Affiant Det. Al Elverson, Jr: "Er, didn't you, his employer, issue him the computer and the account? Wasn't it his job to access your computer network? Didn't his job involve transferring data? If you wanted him to stop, why didn't you deactivate those? Do you have any EVIDENCE that what he downloaded was outside the normal course of his work? Can you prove to us that you have even informed him that he is no longer authorized to access the data? Can you prove that any of your trade secret information has been disclosed to ANYONE? So, you have a SUSPICION that a person who you employ MIGHT have trade secret information on his company laptop, or on removable media... which isn't illegal, since he hasn't DISCLOSED it... and you want me to bring the force of the law in to seize private property? I think I can find a judge that will do that..." Judge: "So, you have no evidence of any actual wrongdoing, and you want me to sign a warrant to seize private property? Sure! Where do I sign?

For, who the good fortune to be able to vote AGAINST someone who would issue a warrant for the seizure of computer equipment based on the affadavit of someone who couldn't even use a word processor to edit the request (see for yourself! It's obviously copied from a drug-related case, with the drug parts CROSSED OUT), without any actual basis of suspicion other than one man's un-sworn complaint against another, the issuing judge is the Honorable Jeremy Blackburn. Remember that when his term is up. Unfortunately, I think his district is in Chester County (where the property was seized), not in Montgomery County (where Salzenberg works, and where I live), so I don't think I get to vote for him.

There are so many better ways to be a whistleblower and be protected from retaliation. However, before you attack a company (even rightfully so) lawyer up and make sure you have all your ducks in a row so that this type of retaliation doesn't occur. Or use an anonymous source such as ethicspoint.com. While this may seem a coward's path, it in fact can save your job.

There is still hope for the legal system. Title VII, the FLSA, and I believe all state laws have anti-retaliation language that protects y

Chip isn't a whistleblower. Whistleblowing involves running to external authorities with a story.

Chip complained internally. That's allowed. That's ethical. He was giving his employers a chance to sort out a problem. The open proxy scam might have been in contravention of company policy.

Unlikely with hindsight, I'll grant.

OK, I'm missing your point, I know. I don't even disagree with your advice. All I'm saying is let's watch the terminology. A lot of people will thing "Whistleblower, pah! He had it coming!" when nothing is further from the truth. He got into this mess because he gave his employers the benefit of the doubt.

Chip's mistake, from what I can tell, is not consulting with a lawyer before he did anything. The letter he wrote, while a great "f* you" letter to his employer, made a couple of mistakes that almost lawyer would've told him to leave out. Including the threat of legal action.

Once someone threatens you with even possible legal action, most companies go into offense mode. It's not really a choice they have, they have to protect themselves and what they see as their intellectual property. (I say it's not a choice because it's what their counsel tells them. They can also choose to ignore their counsel, but then few companies do that since it defeats the purpose of engaging such counsel in the first place, at least in their minds.)

I feel badly for this guy and will likely contribute to this fund. But I can't help but think there was a better way of handling this situation before it got down to an employee threatening their employer with legal action if they don't stop a behavior they, personally, find objectionable.

If you don't like something your company is doing, let them know you don't like it. If they say, "Tough sh*t," then you have two choices -- leave on your own, or stay and suck it up. Staying and making threats against your employer isn't likely to be tolerated by anyone, anywhere.

I'm tired of crap answers like this. What do I expect them to do? Act responsibily and don't abuse the law.

What the fuck is up with nerds on slashdot thinking that companies acting like this should be acceptable, reasonable, or predictable? Yeah, it's all those things as long as you let it. I mean shit, if my company pissed me off and filed false charges against every level of management, would that be acceptable or predictable? Why is it okay for companies to act like this and people just accept that it's

HMS fabricated evidence in order to have the police raid Chip's house and sieze his computer equipment.

Chip threatened his own employers with legal action. What do you expect them to do?

Have your expectations regading business ethics fallen so low that you expect all companies to break the law as a matter of routine? Or are you suggesting that this is acceptable behaviour for an employer? Your message reads as though you approve, which may not be what you intended to convey.

HMS was already knowingly engaged in illegal activities. So probably Chip should have expected their response to be similarly illegal. With hindsight, that seems glaringly obvious.

But to simply dismiss that the company's actions with "what do you expect?" is foolish and dangerous. If we grant acceptance to such activities what can we expect the next time some CEO decides to push the envelope?

I mean yeah, ok, ScumBagSoft sent some goons around to beat the guy senseless, rape his wife and kidnap his kids. But, you know, he was like rude to his CEO in public. What'd the guy
expect?

It looks to me like Health Market Science shares a Copyright with Chip on some of his Perl work.

What did Health Market Science think they were getting for their funding dollars?

AUTHORChip Salzenberg,

ACKNOWLEDGEMENTSThanks to Heath Market Science for funding creation of this module. Thanks also to Larry, Damian, Allison, et al for Perl 6 subroutine syntax, and to Damian for Filter::Simple and Parse::RecDescent.

I dont know about PA, but in California he absolutely would. I was in a situation where I was asked to do something extremely illegal, and I was able to report the problem to a different part of my organization which then *called* a Detective and DA to prosecute members of their own organaztion. I ended up wearing a wire in two undercover operations... However, they were unable to prosecute because the guys wised up somehow and did the scam in a way that was extremely hard to prove. Throughout the whole

It might be a violation of the terms of service with their ISP, but I'm not sure it's illegal... In any case, if what he was doing turns out to be illegal then it really doesn't matter if he has the goods on the company or not.

Depends on which "what he was doing" you mean: if what the company is accusing him of doing were true, whistleblower laws would not protect him. But the charges they are leveling reek of retaliatory accusations with no substance. He is protected from that.

If the actions he took at the company's behest (ie, developing software to work around ISP blocks of their spyders) is illegal, whistleblower laws do protect him, provided he reports the illegal actions to the proper authorities when he becomes aware of their illegality.

Here's an employee who's signed an agreement not to disclose trade secrets, and he's threatened to disclose the source code.

Where did his letter say that? I just read the entire thing and do not recall any threat to disclose source code. He simply said that he looked at the source code, which as a Senior Programmer, he was authorized and verified that some of the claims he made in his internal letter were valid (ie; code doesn't use robots.txt, code culls current list of open relays from online databases, etc).

He said he could not work on an project he felt was violating the law.

As far as the company perspective, I have not seen it so I cannot comment. Personally, his internal memo was much too details for most executives to understand. He should have layed out his concerns at a high level. Actually, he should have first contacted the press and law enforcement.